jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).
2018-05-15T21:29:00.400
2024-11-21T03:23:49.493
Modified
CVSSv3.0: 5.4 (MEDIUM)
AV:N/AC:M/Au:S/C:N/I:P/A:N
6.8
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | jenkins | jenkins | < 2.32.2 | Yes |
| Application | jenkins | jenkins | < 2.44 | Yes |